
2 Websites ruined by hackers

Started by Kim, March 13, 2009, 08:36:09 AM


Kimmen

Let me first start with praise for TP. I wrote a post earlier about TP being the best system ever together with SMF. I really do stand by what I wrote, so please don't get me wrong when I explain a bit about my problem using those two systems.

The first and main problem is security. I was informed by our server host that my 2 website was hacked and that this was related to some PHP exploits in the CMS I was using. They managed to overload the server (DDoS attack). The whole site is now gone, and our host has suspended our account there and asked us to proceed to another hosting company. The only way to reopen our website is if we use HTML only.

Now, as you may understand, I'm a bit worried about using SMF & TP in the future, and that is sad for me, because I really love the idea of SMF + TP and fell in love with the whole CMS. Are you working on getting future TP versions to be more secure against hacking attempts, or am I stuck at a dead end? I am a noob and do not know much about securing my sites against hackers, but a friend mentioned that Joomla and PHP-Fusion are probably better against hackers, but I don't know.


Greets
Worried
Kimmen

Zetan

I have never had a forum hacked. Has your host told you how they got in?
They could have got in several ways, from another site on their server, an outdated install of SMF / TP. Which versions are you using?

How about that old install script?.. you know, the ones where you test things, like WordPress, Joomla.. etc, only to settle on one or another and forget about the test installs which then become outdated and exploitable?

How were you attacked? A DOS attack has little to do with either as it's aimed at the servers, denying service. Was your site targeted directly? If so, why? Have you upset anybody?

Kimmen

Yes, I have upset someone, yes.

I can give you the short version of the story if you don't mind. It all started with us accepting a new guy into our community, which is a BF2 clan. Since we have one clan for the demo version and another one for the full version of the game, he was able to join both. www.mtsclan.com for demo and www.theoaps.co.uk for full version.

We learned after a few weeks that this new guy had hacked and destroyed a website that belonged to a rival clan, and it got pretty messy. When the new guy got confronted with this, he totally denied it all categorically. The only mistake he made was talking to his friends about the hacking part in TeamSpeak without realizing I was there too. When I said that, he threatened me that if I banned him, or told on him, he would ruin both my websites, hack my computer and bank account if necessary. I first gave in and kept quiet.

Some days went by and admins were talking about all that happened. We decided to ban him from our community since we did not want him there anymore. He responded by ruining my 2 website first, the new one I've been working on for quite some time now. Our host said, as I explained, that the site got a DDoS attack and that it was caused by exploits in the website etc, so that site we won't get back online.

Anywho, after this happened the admins on the 1 website decided to take him back because they did not want him to ruin the website as well. I really disagreed with that decision, and since the website is paid for by me, I overruled the other admins' decision because I know that people like the new guy mean only problems. This I did yesterday. And now both sites are messed up, and I do not know if www.mtsclan.com was hacked or if the hacker convinced my admins to just delete the page. Anywho, I checked my FTP and all is gone. Just one HTML file is left that says we were hacked and the site is down.

Zetan

Sorry you have had these problems with this member. If somebody wants to attack a site, there are many sites that you could get the information from to do it, you don't even need to be a hacker. There are sites that provide scripts which will do it for you, get a few mates together, a targeted effort. One server offline.

I sympathise with you, but you can't lay blame to SMF or TP. I do strongly suggest that you report it to SMF. Do you have backups of the sites? Do you have logs of this member's IP addresses? It is a criminal offence and I would be contacting their ISP, the police.. I would be making a lot of noise right now.


You also need to be giving the information requested. Software versions. What other software installs do you have outdated on your hosting space? None I hope.. It's an easy thing to overlook though. But, if you are testing software and decide not to use it.. remove it. It's a target.

I would have banned him outright, with a server ban.

Kimmen

The host of www.theoaps.co.uk banned his IP from their servers, but seems to me that did not help. The hacker has said that if we were stupid enough to report this to the Police, he would do all in his power to hack into our bank accounts and make real life trouble towards us, and to top it all, he said there was nothing we could do about it.

I ran, btw, TP 1.0.5 + SMF 1.1.8. I had different mods installed on each server; it was not many, but anywho, both went down. All mods I found on either the SMF or TP site.

Zetan

Unless he has your details and is a world class bank hacker.. I have to say his threats of hacking into bank accounts are a puff of warm air.

There is nothing we can do.. But you do need to report it and you do need some logs, evidence. Like I said, you need to report this at SMF, they do have a reporting of hacking somewhere at their site.

And, yes.. I would be involving the police, because I won't have some spotty little geek behind a screen threaten me and get away with it.

Kimmen

I will think more about involving the police. Duncan, who is the founder of www.theoaps.co.uk, has a policeman married into his family, so I guess we could do some research there as well. Anyways, thanks for the reply, and I will fool around in the SMF forums as well, to see if SMF is something I would use on the next site.

Greets
Kimmen 

Zetan

Good luck with it.. Give as much information as you can. You are peeved right now, but it's facts more than a sympathy call that are needed.

IchBin

A DOS is not a hacked site. A DOS is a "Denial of Service". This is caused by sending multiple packets across the network (internet), and hitting a server directly, overloading the server resources. This in no way indicates that SMF and TP have been hacked. Since your host isn't willing to deal with the situation, then you don't have much of a choice but to move. All you need to do is get his IP information, and find out which ISP he is using. Then send the logs of information providing proof to the ISP and show them that they are harboring such a person. They will most likely cut his service off. I agree with Zetan, give the guy the boot and be done with him. His threats about bank hacking are just that.

macdse

Yup, sounds like rubbish to me, because the only thing a DOS attack does is put pressure on the server it is targeting, and that has nothing to do with hacking into your website and destroying your work. Your host either did not want you due to maybe TOS violations and/or just maybe they could not handle the attack because they are too lazy or too dumb to tighten up their own security. This still sounds very fishy to me, and like IchBin said, this has nothing to do with deleting a website.

- On the Internet, a distributed denial-of-service (DDoS) attack is one in which a multitude of compromised systems attack a single target, thereby causing denial of service for users of the targeted system. The flood of incoming messages to the target system essentially forces it to shut down, thereby denying service to the system to legitimate users.

A hacker (or, if you prefer, cracker) begins a DDoS attack by exploiting a vulnerability in one computer system and making it the DDoS "master." It is from the master system that the intruder identifies and communicates with other systems that can be compromised. The intruder loads cracking tools available on the Internet on multiple -- sometimes thousands of -- compromised systems. With a single command, the intruder instructs the controlled machines to launch one of many flood attacks against a specified target. The inundation of packets to the target causes a denial of service.

While the press tends to focus on the target of DDoS attacks as the victim, in reality there are many victims in a DDoS attack -- the final target and as well the systems controlled by the intruder.

Kimmen

Thanks for responding.

I have not managed to get anywhere with the host itself. All they say is that if we want a website with them, we can only choose HTML and not PHP. Anyways, we decided to look for a new host, but retrieving the lost work is a dead end. I will continue using SMF and TP for the future, but then I would need some help from the coders here at TP, because I'm not gonna sit for weeks to try to get this site open as I want. I'd rather pay to get someone that knows how to, so they fix it for me. I have created a topic for support but no replies yet.

Anywho, thanks for the answers, I appreciate it.

Ianedres

If your host is only going to allow you to have HTML pages (and to not allow PHP at this point specifically) then you would be better off to move anyway. They are obviously unable to handle real-world issues with web hosting attacks and vulnerability concerns.

You will still have to deal with installing SMF/TP scripts and designing your site's content. My personal viewpoint is that doing it yourself will only help you later down the line with altering your site, rather than a 'turnkey' solution where someone does it for you.

Skhilled

While you are contacting the police, I highly suggest that you contact your bank as well. They will not like this and will probably do anything within their power to circumvent anything from happening.

If you live in the US then it becomes a federal crime as well.